Fjord Token Staking

Summary

A low-severity vulnerability has been identified in the AuctionFactory contract's createAuction function. The function uses transferFrom instead of safeTransferFrom when transferring tokens, which may lead to silent failures with non-standard ERC20 implementations.

Vulnerability Details

The vulnerability is located in the createAuction function of the AuctionFactory contract:

The function uses transferFrom to move tokens from the caller to the newly created auction contract. However, auctionToken is an input parameter, meaning it could be any ERC20 token address provided by the caller. Not all ERC20 implementations strictly follow the standard, particularly in how they handle failed transfers.

Some non-standard ERC20 tokens might not revert on failed transfers but instead return false. The current implementation doesn't check the return value of transferFrom, which could lead to a situation where the transfer fails silently, and the auction is created without the necessary tokens.

Impact

The impact of this vulnerability is potentially significant:

1. If the token transfer fails silently, an auction could be created without the intended tokens, leading to a non-functional auction.

2. Users might participate in an auction that doesn't actually have the promised tokens.

While this is classified as a low-severity issue due to its dependence on non-standard ERC20 implementations.

Tools Used

Manual

Recommendations

To mitigate this vulnerability, we recommend using OpenZeppelin's SafeERC20 library, which provides a safeTransferFrom function. This function ensures that the transfer either succeeds or the transaction reverts, handling both standard and non-standard ERC20 implementations safely.

Here's how the createAuction function should be modified:

By implementing this change, the contract ensures that token transfers will always either succeed or revert, preventing silent failures and ensuring the integrity of each created auction.